Siemens Process Automation End-user Summit- 2011


Siemens Process Automation End-user Summit 2011: Experience. Technology. Community

SIMATIC PCS 7 Process Safety
Jean-Luc Gummersbach, I IA AS PA PRM1

Global market trend in Process Safety
- The process safety market is growing at an annual rate of 5.8%
- The market will exceed $2 billion in 2014
- From 2013 onwards growth rates of >7% are expected
- The biggest share of sales volume is in hardware, including bundled software
Source: ARC, Process Safety System Worldwide Outlook 2009 through 2014

Global market trend in Process Safety: development of market shares (2009 to 2014), total shipments of process safety systems by world region
- EMEA market share will decrease from 47.4% to 43.7% (775 -> 946)
- Asia market share will increase from 27.1% to 32.2% (443 -> 697)
- Latin America market share is stable at 8.7% (142 -> 188)
- North America market share will decrease from 16.8% to 15.4% (275 -> 334)
Source: ARC, Process Safety System Worldwide Outlook 2009 through 2014

Global market trend in Process Safety: trends in process safety products
- Integration between BPCS & SIS
- Scalability
- Use of common components
- Better diagnostics
- Comprehensive lifecycle support
(Diagram: SIMATIC PCS 7 ES & OS, SIMATIC S7-400FH)
BPCS = Basic Process Control System; SIS = Safety Instrumented System

Market expectation / customer requirements: product-related requirements
- Continue the integration of standard and safety system
- Improve usability and access control
- Better system support for upgrades and application changes
- Improve on-line change capability
- Consider cyber security for the SIS
- F-AO, especially in the Asian market

Market expectation / customer requirements: services
- Process safety consultancy, e.g. how to develop safety-compliant concepts in accordance with existing regulations and standards
- Functional safety workshops & trainings
- Engineering services by supplier or partner
- Implementation guidelines
- Engineering and planning guidelines
- Functional Safety Management (FSM) following IEC 61511 (documentation, project management, validation, ...)

QMR and TMR technology in the market: TMR, ICS Triplex Trusted (Rockwell Automation)
- Single or redundant controller, each with 3 CPUs
- SIL 3, 3-3-2-0 fault-tolerant control system
- Fault behavior (e.g. CPU fault): the faulty CPU stops while the others still run; the complete controller has to be exchanged for a new one; faults on a common part cause a stop of the controller
- Same behavior as the Siemens system: the Siemens controller goes directly into the safe state and does not run with internal faults

QMR and TMR technology in the market: TMR, Triconex Tricon (Invensys)
- 3 controllers, each with 1 CPU
- Degradation 3-2-1-0
- Fault behavior: the faulty controller goes to the safe state and has to be exchanged
- Degraded mode with time restriction: no continuous operation in dual mode or single mode for SIL 3; no continuous operation in single mode for SIL 2
- 3 controllers are required for SIL 3

QMR and TMR technology in the market: QMR, HIMA HIQUAD
- Single or redundant controller, each with 2 CPUs
- Fault behavior, CPU fault: the faulty controller goes to the safe state and has to be exchanged
- Fault behavior, other controller faults: the faulty controller goes to the safe state and has to be exchanged
- Same behavior as the Siemens system

QMR and TMR technology in the market: strengths and weaknesses
Strengths
- Robust high-availability concept
- Comprehensive IO module range
- Well-established safety systems
- Large installed base
Weaknesses
- Controllers have to be installed in one chassis
- The system is not integrated into a DCS: no integrated solution
- An additional engineering tool is required
- An additional bus system for the safety communication is required
- Redundant or hot-swap IO has to be placed beside the first I/O module in the same rack or chassis (Tricon)
- High common-cause failure

Flexible Modular Redundancy (FMR)
(Diagram: DI simplex, 1oo1; DI dual, 1oo2; DI triple, 2oo3; LS; PT; valves)
- Make any component redundant

Software execution: time redundancy and software diversity instead of using two CPUs (hardware redundancy)
- Time redundancy and instruction-diverse processing
- Logical program execution and data flow monitoring
- Bool and Word operations processed in different parts of the CPU
- 2 independent hardware timers
(Diagram: operands A, B (Bool) -> operation -> result C; the same operands encoded as /A, /B (Word) -> diverse operation -> result D = /C; comparison of D against /C, stop at mismatch; the two executions run one after the other, which is the time redundancy)
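The diverse-execution pattern sketched on the slide, as an added example that is not code from the deck or from Siemens: the Boolean operation is executed once on plain operands and once, with different instructions, on inverted 16-bit word operands (De Morgan's laws give /C from /A and /B), and the two results are compared; a mismatch forces a stop. The 16-bit encoding, the function names and the single-bit fault injection are assumptions made for the illustration; the independent hardware timers on the slide are not modelled.

```python
"""Time-redundant, instruction-diverse execution of a Boolean operation with
result comparison (illustrative model, not the deck's or Siemens' implementation)."""

MASK = 0xFFFF  # assumed 16-bit word width for the encoded (diverse) path


class DiversityMismatch(Exception):
    """The two diverse computations disagree: the safe reaction is STOP."""


def bool_path(op, a, b):
    """First execution: plain Boolean logic on operands A, B -> result C."""
    if op == "AND":
        return a and b
    if op == "OR":
        return a or b
    raise ValueError(op)


def encode_inverted(x):
    """Encode a Boolean as its inverted 16-bit word: /True = 0x0000, /False = 0xFFFF."""
    return 0x0000 if x else MASK


def word_path(op, na, nb):
    """Second execution on the inverted word operands /A, /B. Word-wide OR/AND
    instructions compute /C directly via De Morgan, so the instruction stream and
    the data representation both differ from the first execution."""
    if op == "AND":
        return (na | nb) & MASK   # /(A AND B) = /A OR /B
    if op == "OR":
        return (na & nb) & MASK   # /(A OR B) = /A AND /B
    raise ValueError(op)


def execute_diverse(op, a, b, inject_bit=None):
    """Run both executions one after the other (time redundancy), compare D with /C
    and return C only when they agree. inject_bit is a constructed fault that flips
    one bit of D to show the comparison catching a corrupted result."""
    c = bool_path(op, a, b)
    na, nb = encode_inverted(a), encode_inverted(b)
    d = word_path(op, na, nb)
    if inject_bit is not None:
        d ^= 1 << inject_bit
    expected = encode_inverted(c)
    if d != expected:
        raise DiversityMismatch(f"{op}({a},{b}): D={d:#06x}, expected /C={expected:#06x}")
    return c


def run_self_test():
    """Exhaustive check over both operations and all operand combinations;
    returns the number of comparisons performed (8)."""
    n = 0
    for op in ("AND", "OR"):
        for a in (False, True):
            for b in (False, True):
                if execute_diverse(op, a, b) != bool_path(op, a, b):
                    raise DiversityMismatch(f"self-test failed for {op}({a},{b})")
                n += 1
    return n


if __name__ == "__main__":
    print("comparisons passed:", run_self_test())
    try:
        execute_diverse("OR", False, True, inject_bit=3)
    except DiversityMismatch as exc:
        print("detected:", exc)
```

Any single disturbance of one path (a flipped bit, a wrong instruction result) changes D or C but not both consistently, so the comparison fails and the operation is refused rather than a wrong result being acted on.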

Flexible Modular Redundancy (FMR)
(Diagram: DI as simplex, dual and triple)
- Make any component redundant
- Physically separate redundant resources
- Mix and match redundancy
- Tolerate multiple faults with no impact on safety

Flexible Modular Redundancy (FMR)
- Safety Integrity Level up to SIL 3 with one controller
- Highest safety integrity level, highest flexibility: separate or combine safety and standard application in one CPU; use redundancy for safety only where it is needed; parallel use of PROFIsafe on PROFIBUS
- Highest availability through multiple fault tolerance: the architecture allows the system to tolerate multiple faults; IO redundancy is independent of CPU redundancy; IO and device redundancy can be matched to maximize availability
- Cost reduction: use redundancy only where you need it, for safety or for availability

SIL verification according to IEC 61508 and IEC 61511
- IEC 61508 serves as the basic standard and basis for safety standardization. It covers all areas where electrical, electronic or PLC systems are used to realize safety-related protection functions.
- IEC 61511: there are sector-specific standards based on IEC 61508, such as IEC 61511 for the process industry or IEC 61513 for the nuclear industry. These sector standards are important for planners and operators of the corresponding plants.

SIL verification according to IEC 61508 and IEC 61511: determination of the maximum SIL for an E/E/PE safety-related subsystem
- Example in IEC 61508-2 (clause 7.4.4.2.3): both element 1 and element 3 restrict the maximum SIL that can be claimed to just SIL 1
- E/E/PE = electrical and/or electronic and/or programmable electronic

SIL verification according to IEC 61508 and IEC 61511: verification of the Safety Integrity Level (SIL) of the hardware for the safety instrumented system (SIS)
- Structural suitability: demands on hardware fault tolerance (HFT)
- Safety-related probability of failure on demand (PFD)

SIL verification according to IEC 61508 and IEC 61511: architecture and hardware fault tolerance, sensor part
(Loop diagram: Sensor, Power, Communication, CPU, Communication, Relay, MCC)
- Transmitter: HFT = 0, proven in use => SIL 2
- Power supply: HFT = 0 => SIL 1
- Sensor part: SIL 1
Hardware fault tolerance requirements according to IEC 61511-1 clause 11.4
SPAES 2011 Goa, India / Siemens AG 2011. All Rights Reserved.

SIL verification according to IEC 61508 and IEC 61511: architecture and hardware fault tolerance, logic system (controller and IO)
- IO: SIL 3 certified according to IEC 61508 => SIL 3
- Controller: SIL 3 certified according to IEC 61508 => SIL 3
- Communication: SIL 3 certified according to IEC 61508 => SIL 3
- Logic system: SIL 3

SIL verification according to IEC 61508 and IEC 61511: architecture and hardware fault tolerance, final element
- Relay: HFT = 0, proven in use => SIL 2
- MCC: HFT = 0, proven in use => SIL 2
- Final element: SIL 2
Hardware fault tolerance requirements according to IEC 61511 clause 11.4

SIL verification according to IEC 61508 and IEC 61511: architecture and hardware fault tolerance, total system
- Sensor part = SIL 1
- Logic system = SIL 3
- Final element = SIL 2
- Total system = SIL 1 (the weakest subsystem limits the claim)

SIL verification according to IEC 61508 and IEC 61511: probability of failure on demand (PFD)
- PFD_S = 5.68E-4 (sensor part)
- PFD_L = 4.10E-4 (logic system)
- PFD_FE = 1.77E-3 (final element)
- PFD_Total = 5.68E-4 + 4.10E-4 + 1.77E-3 = 2.75E-3
- Total system = SIL 2

SIL verification according to IEC 61508 and IEC 61511: result
- Architecture and hardware fault tolerance: SIL 1
- Probability of failure on demand: SIL 2
- Overall result: SIL 1 (the lower of the two)
- The architecture must be changed to claim a higher SIL

SIL verification according to IEC 61508 and IEC 61511: 1oo2 sensor and power supply
(Loop diagram: Sensor / Sensor, Power / Power in 1oo2, Logic system and IO, Relay, MCC)
- Architecture and hardware fault tolerance: SIL 2
- Probability of failure on demand: SIL 2
- Overall result: SIL 2
Hardware fault tolerance requirements according to IEC 61511 clause 11.4
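The two-step verification walked through on the preceding slides (architectural SIL limit from hardware fault tolerance per element, then the PFD sum of the subsystems, with the claimable SIL being the lower of the two), as an added example that is not code from the deck or from Siemens. The PFD figures and the element assessments are the deck's; the HFT rule in `element_max_sil` is a deliberately simplified reading of IEC 61511 clause 11.4 (SIL = HFT + 1, one more for proven-in-use, capped at SIL 3) chosen to reproduce the slides' figures and is an assumption, as is reusing the original PFD values for the 1oo2 redesign, for which the deck gives no new numbers.

```python
"""SIL verification of a SIS loop: HFT-based architectural limit and PFD-based
limit, combined by taking the lower of the two (illustrative model)."""
from dataclasses import dataclass, field
from typing import List, Optional

# Low-demand PFDavg bands from IEC 61508-1: lower bound inclusive, upper exclusive.
PFD_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


@dataclass
class Element:
    name: str
    hft: int                             # 0 = single channel (1oo1), 1 = 1oo2, ...
    proven_in_use: bool = False          # prior-use evidence (IEC 61511 clause 11.4)
    certified_sil: Optional[int] = None  # an IEC 61508 certificate covers the claim


@dataclass
class Subsystem:
    name: str
    pfd: float                           # PFDavg of the whole subsystem
    elements: List[Element] = field(default_factory=list)


def element_max_sil(e: Element) -> int:
    """Simplified HFT rule (assumption, not the full IEC 61511 table): SIL = HFT + 1,
    plus one for a proven-in-use element, capped at SIL 3. A certified element
    claims its certificate SIL directly."""
    if e.certified_sil is not None:
        return e.certified_sil
    return min(e.hft + 1 + (1 if e.proven_in_use else 0), 3)


def subsystem_architecture_sil(s: Subsystem) -> int:
    """A subsystem is limited by its weakest element (series structure)."""
    return min(element_max_sil(e) for e in s.elements)


def sil_from_pfd(pfd_total: float) -> int:
    """Map a total PFDavg onto its SIL band; 0 means no SIL can be claimed."""
    for sil, (lo, hi) in PFD_BANDS.items():
        if lo <= pfd_total < hi:
            return sil
    return 0


def verify_loop(subsystems: List[Subsystem]) -> dict:
    """Both constraints must hold, so the overall SIL is the lower of the two results."""
    arch_sil = min(subsystem_architecture_sil(s) for s in subsystems)
    pfd_total = sum(s.pfd for s in subsystems)
    pfd_sil = sil_from_pfd(pfd_total)
    return {
        "architecture_sil": arch_sil,
        "pfd_total": pfd_total,
        "pfd_sil": pfd_sil,
        "overall_sil": min(arch_sil, pfd_sil),
    }


def deck_loop(sensor_hft: int = 0) -> List[Subsystem]:
    """The loop from the slides with the deck's PFD values. sensor_hft=1 models the
    1oo2 sensor/power redesign on the last slide (assumption: PFD figures reused)."""
    return [
        Subsystem("Sensor part", 5.68e-4, [
            Element("Transmitter", sensor_hft, proven_in_use=True),
            Element("Power supply", sensor_hft),
        ]),
        Subsystem("Logic system", 4.10e-4, [
            Element("IO", 0, certified_sil=3),
            Element("Controller", 0, certified_sil=3),
            Element("Communication", 0, certified_sil=3),
        ]),
        Subsystem("Final element", 1.77e-3, [
            Element("Relay", 0, proven_in_use=True),
            Element("MCC", 0, proven_in_use=True),
        ]),
    ]


if __name__ == "__main__":
    for hft in (0, 1):
        print(f"sensor part HFT={hft}:", verify_loop(deck_loop(hft)))
```

With HFT = 0 the sensor part (power supply without prior-use credit) caps the architecture at SIL 1 while the PFD sum of 2.75E-3 sits in the SIL 2 band, so the loop verifies to SIL 1; making the sensor and power supply 1oo2 lifts the architectural limit to SIL 2 and the loop verifies to SIL 2. The point a reviewer checks is that the two limits are evaluated separately and the lower one wins: a good PFD figure never compensates for insufficient fault tolerance.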

We wish you a successful meeting! Questions?
Jean-Luc Gummersbach, PCS 7 Product Management, I IA AS PA PRM1
E-Mail: gummersbach.jean-luc@siemens.com